cbcvebase.
CVE-2024-28949
published 2024-04-05

CVE-2024-28949: Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which…

medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

Affected

15 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 9.3.0+incompatible < 9.3.3+incompatible9.3.3+incompatible
github.commattermost_mattermost-server>= 9.4.0+incompatible < 9.4.4+incompatible9.4.4+incompatible
github.commattermost_mattermost-server>= 9.5.0+incompatible < 9.5.2+incompatible9.5.2+incompatible
github.commattermost_mattermost_server_v8>= 8.1.0 < 8.1.118.1.11
github.commattermost_mattermost_server_v8>= 9.3.0 < 9.3.39.3.3
github.commattermost_mattermost_server_v8>= 9.4.0 < 9.4.49.4.4
github.commattermost_mattermost_server_v8>= 9.5.0 < 9.5.29.5.2
mattermostmattermost8.1.0 – 8.1.10
mattermostmattermost9.3.0 – 9.3.2
mattermostmattermost9.4.0 – 9.4.3
mattermostmattermost9.5.0 – 9.5.1
mattermostmattermost_server>= 8.1.0 < 8.1.118.1.11
mattermostmattermost_server>= 9.3.0 < 9.3.39.3.3
mattermostmattermost_server>= 9.4.0 < 9.4.49.4.4
mattermostmattermost_server>= 9.5.0 < 9.5.29.5.2
CVE-2024-28949 — Uncontrolled Resource Consumption | cvebase